[Free] 2017(Aug) CollectDumps Passguide Cisco 500-258 Dumps with VCE and PDF 11-20

CollectDumps 2017 Aug Cisco Official New Released 500-258
100% Free Download! 100% Pass Guaranteed!
http://www.CollectDumps.com/500-258.html

Cisco ASA Express Security

Question No: 11

Which three statements about the FirePOWER appliance are true? (Choose three.)

  1. has three platforms: 6000 Series, 7000 Series, and 8000 Series

  2. supports NGIPS with contextual aware

  3. scales up to 100 Gb/s IPS throughputs

  4. supports advanced malware protection

  5. supports application control/URL filtering

Answer: B,D,E

Question No: 12

On Cisco ASA Software Version 8.3 and later, which two statements correctly describe the NAT table or NAT operations? (Choose two.)

  1. The NAT table has four sections.

  2. Manual NAT configurations are found in the first (top) and/or the last (bottom) section(s) of the NAT table.

  3. Auto NAT also is referred to as Object NAT.

  4. Auto NAT configurations are found only in the first (top) section of the NAT table.

  5. The order of the NAT entries in the NAT table is not relevant to how the packets are matched against the NAT table.

  6. Twice NAT is required for hosts on the inside to be accessible from the outside.

Answer: B,C

Question No: 13

The quot;HTTPS decryptionquot; feature is enabled with the default settings and decryption and IPS policies have been applied to the traffic.

Which statement describes what happens when a client connects to a server with an untrusted certificate?

  1. The HTTPS traffic is decrypted but not inspected by the IPS.

  2. The HTTPS traffic is dropped and is not decrypted or inspected by the IPS.

  3. The HTTPS traffic is decrypted, inspected by the IPS, and dropped if a threat is identified.

  4. The HTTPS traffic is not decrypted but is inspected by the IPS and dropped if a threat is identified.

  5. The HTTPS traffic is forwarded to the client but is not decrypted or inspected.

Answer: B

Question No: 14 DRAG DROP

Collectdumps 2017 PDF and VCE

Answer:

Collectdumps 2017 PDF and VCE

Question No: 15

Which three options are predefined policy objects for the Cisco ASA NGFW? (Choose three.)

  1. URL

  2. application

  3. useragent

  4. access

  5. elements

  6. system

Answer: A,B,C

Question No: 16

Which two options are identity policy types? (Choose two.)

  1. known

  2. unknown

  3. active

  4. passive

  5. white-list

  6. black-list

Answer: C,D

Question No: 17

Which two options show the required Cisco ASA command(s) to allow this scenario? (Choose two.)

An inside client on the 10.0.0.0/8 network connects to an outside server on the 172.16.0.0/16 network using TCP and the server port of 2001. The inside client negotiates a client port in the range between UDP ports 5000 to 5500. The outside server then can start sending UDP data to the inside client on the negotiated port within the specified UDP port range.

A. access-list INSIDE line 1 permit tcp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq 2001 access-group INSIDE in interface inside

B. access-list INSIDE line 1 permit tcp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq 2001

access-list INSIDE line 2 permit udp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq established

access-group INSIDE in interface inside

C. access-list OUTSIDE line 1 permit tcp 172.16.0.0 255.255.0.0 eq 2001 10.0.0.0

255.0.0.0

access-list OUTSIDE line 2 permit udp 172.16.0.0 255.255.0.0 10.0.0.0 255.0.0.0 eq 5000-

5500

access-group OUTSIDE in interface outside

D. access-list OUTSIDE line 1 permit tcp 172.16.0.0 255.255.0.0 eq 2001 10.0.0.0

255.0.0.0

access-list OUTSIDE line 2 permit udp 172.16.0.0 255.255.0.0 10.0.0.0 255.0.0.0 eq established

access-group OUTSIDE in interface outside

  1. established tcp 2001 permit udp 5000-5500

  2. established tcp 2001 permit from udp 5000-5500

  3. established tcp 2001 permit to udp 5000-5500

Answer: A,G

Question No: 18

Refer to the exhibit.

Collectdumps 2017 PDF and VCE

A NOC engineer needs to tune some postlogin parameters on an SSL VPN tunnel.

From the information shown, where should the engineer navigate to, in order to find all the postlogin session parameters?

  1. quot;engineeringquot; Group Policy

  2. quot;contractorquot; Connection Profile

  3. DefaultWEBVPNGroup Group Policy

  4. DefaultRAGroup Group Policy

  5. quot;engineer1quot; AAA/Local Users

Answer: A

Question No: 19 DRAG DROP

Collectdumps 2017 PDF and VCE

Answer:

Collectdumps 2017 PDF and VCE

Question No: 20

In one custom dynamic application, the inside client connects to an outside server using TCP port 4444 and negotiates return client traffic in the port range of 5000 to 5500. The server then starts streaming UDP data to the client on the negotiated port in the specified range. Which Cisco ASA feature or command supports this custom dynamic application?

  1. TCP normalizer

  2. TCP intercept

  3. ip verify command

  4. established command

  5. tcp-map and tcp-options commands

  6. set connection advanced-options command

Answer: D

100% Free Download!
Download Free Demo:500-258 Demo PDF
100% Pass Guaranteed!
Download 2017 CollectDumps 500-258 Full Exam PDF and VCE

CollectDumps ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 CollectDumps IT Certification PDF and VCE